As user credentials must not be persisted in human-readable text for security reasons, the passwords for users cannot be defined in the hardware declaration file.
Instead, credentials for the PLC's users can be managed through the manage-users command.
As a prerequisite for the configuration of user credentials, execute the setup-secure-communication command.
To set the password for the user from the above hardware declaration example file, run
apax hwc manage-users --input "example.hwl.yaml" --module-name "PLC_1" set-password --username "User1" --password ""
This will set the password for User1 to ExamplePassword#123.
The password will never be saved in clear text by the set-password command.
Instead, security algorithms are applied to protect the password. It will be saved to the security configuration file for PLC_1.
Storing the hash of the password is sufficient for compiling the PLC configuration, but the password cannot be determined from the saved data.
Note that a password needs to be set for every user specified in the hardware declaration file.
Password policy :
A valid password must meet the following requirements:
| Properties | Values |
|---|---|
| Minimum length | 8 |
| Maximum length | 120 |
| Minimum numeric digit | 1 |
| Minimum special character | 0 |
| Minimum upper case length | 1 |
| Minimum lower case length | 1 |
To view the list of users for which credentials have already been configured, you can run the manage-users list command:
apax hwc manage-users --input "example.hwl.yaml" --module-name "PLC_1" list
To delete a user and its credentials from the security configuration file, the manage-users delete command can be used, e.g.:
apax hwc manage-users --input "example.hwl.yaml" --module-name "PLC_1" delete --username "user1"